Recent studies indicate a steady increase in fraudulent email spam. One of the most troubling Internet fraud schemes is phishing. Phishing, short for password harvesting fishing, is the luring of sensitive information, such as passwords and other personal information, from a victim by masquerading as someone trustworthy with a real need for such information. It is a form of social engineering attack. Popular targets are users of online banking services and auction sites such as eBay®. Phishers usually work by sending out spam email to a large number of potential victims. These emails direct the recipients to a web page that appears to belong to their online bank, for example, but in fact captures their account information for the phisher's use. Typically, the email will appear to come from a trustworthy company and contain a subject and message intended to alarm the recipients into taking action. A common approach is to tell the recipients that their account has been deactivated due to a problem and that they must take action to reactivate it. The recipients are provided with a convenient link in the same email that takes them to a fake web page appearing to be that of a trustworthy company. Once at that page, the recipients enter their personal information, which is then captured by the fraudster.
When the recipients realize that they are victims of a scam, they complain directly to the company that has been spoofed. The defrauded company is then flooded with thousands of angry complaints, which severely strain its IT resources and damage its brand value and customer relationships.